[openssl-project] Entropy seeding the DRBG
rsalz at akamai.com
Tue Apr 3 16:58:17 UTC 2018
> Please note that that 50% extra is only used for instantiating the
DRBG. On reseed we it only uses 256 bits.
True. And now we're finding that VMS won't work. And I bet there are other systems that will also find this amount excessive.
> There is an alternative to that 50% extra, but it's not making
sense to me.
> The 1.1.0 version also used 256 bit.
The 1.1.0 code was pre-DRBG and was a piece of crap. Using AES/DRBG is stronger, better, and for the normal case 128 bits is enough.
More information about the openssl-project